Microsoft Patch Tuesday Ensnares Windows RT Users

Like countless Microsoft PC users before them, Surface owners are about to take part in the tradition of Patch Tuesday.

Windows RT, Microsoft's tablet-friendly version of the Windows 8 operating system for ARM-based tablets and systems, joins the Patch Tuesday ritual for the second time in its short existence.

On Dec. 11, Microsoft will release a fresh batch of security updates affecting its Windows desktop and server operating systems. This time around, the company has announced that two "critical" fixes are in store for the OS that runs the company's own Surface tablet.

Surface is Microsoft's stab at the booming tablet market, which is being fueled, in part, by brisk enterprise adoption. To gain a foothold in this "post-PC era," the software giant made the controversial decision of manufacturing and selling its own tablet hardware.

Adding another wrinkle to the Surface RT story is that it turns its back on a rich legacy of Windows software.

Given the slate's ARM-based architecture, Surface is a Windows RT-only affair, at least for now. (An x86-compatible version called Surface Pro will go on sale next month.) That means that Surface tablets—and other Windows RT devices like it—are closed off to the vast library of traditional x86 Windows software in favor of an app ecosystem that mimics the popular Apple's iOS and Google's Android app marketplaces.

While it attempts to blaze its own trail, Windows RT is following in the footsteps of its predecessors in one important regard: Patch Tuesday.

With the Patch Tuesday coming Dec. 11, Microsoft will issue a fix affecting Internet Explorer 10 on Windows RT and another that affects the core OS. The company's advance security notification states that the vulnerabilities that they remedy are severe enough for them to warrant a "critical" rating, Microsoft's highest in terms of potential damage, unauthorized access or loss of data.

Microsoft classifies a critical flaw in its software as a "vulnerability whose exploitation could allow code execution without user interaction. These scenarios include self-propagating malware (e.g., network worms), or unavoidable common-use scenarios where code execution occurs without warnings or prompts."

It's a harrowing prospect for tablet users seeking a respite from the game of cat-and-mouse that plagues desktop and server software security. Microsoft adds, "This could mean browsing to a Web page or opening email," two of the most common use cases for tablets.

There is one potential bright spot, provided that Microsoft decides to fully embrace Windows RT into its extensive corporate systems and user-management toolsets. For instance, joining Active Directory domains with an RT system is a non-starter.

Today, IT departments are generally well-versed in Patch Tuesday and already have procedures in place to roll out software updates to their users and the Windows systems under their purview. Microsoft counts on this fact and endlessly touts how Windows 8 (non-RT) seamlessly slips into business environments, courtesy of a code base that borrows heavily from Windows 7.

If administrators and Windows veterans can manage RT devices as readily and completely as Windows PCs, Microsoft may find enterprises more receptive to its tablet OS.